Secure Coding mailing list archives

Yoran on the state of software security

From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Mon, 19 Apr 2004 23:35:04 +0100

FYI, in addition to the report released today by the National Cyber Security 
Partnership on "Cyber Security Technical Standards and Common Criteria" (see 
http://www.cyberpartnership.org/041904.html), there's an article in eWeek 
quoting Amit Yoran on his take on the state of software security (see 
http://www.eweek.com/article2/0,1759,1570317,00.asp).  In the article, Yoran 
is quoted as saying, "It's inexcusable today to produce software that suffers 
from buffer overruns," he said to an audience of several hundred security 
managers and network operators. "We need to focus on software assurance in 
the development cycle and in real-world deployments."

You think he heard what I said on TechTV last week (see 
http://www.techtv.com/callforhelp/shownotes/story/0,24330,3662522,00.html)?  
Yeah, me neither...  ;-)

Cheers,

Ken van Wyk
-- 
KRvW Associates, LLC
http://www.KRvW.com

Current thread:

Yoran on the state of software security Kenneth R. van Wyk (Apr 19)
- <Possible follow-ups>
- Re: Yoran on the state of software security Kenneth R. van Wyk (Apr 20)
  - Missing the point? Michael A. Davis (Apr 20)
    - Re: Missing the point? Dave Aronson (Apr 20)
    - Re: Missing the point? Mads Rasmussen (Apr 20)
    - RE: Missing the point? Alun Jones (Apr 20)
    - Re: Missing the point? Jared W. Robinson (Apr 21)
    - Re: Missing the point? Paco Hope (Apr 20)
    - Re: Missing the point? Nash (Apr 20)
    - RE: Missing the point? Michael A. Davis (Apr 21)
    - Re: Missing the point? Pascal Meunier (Apr 20)

(Thread continues...)